CompTIA

PT0-001 · Question #174

PT0-001 Question #174: Real Exam Question with Answer & Explanation

The correct answer is C: ICMP flood. Testing an SMB server for vulnerability can include denial-of-service probing to assess whether the service remains available under volumetric network attacks.

Question

An SMB server was discovered on the network, and the penetration tester wants to see if the server is vulnerable. Which of the following is a relevant approach to test this?

Options

  • A. Null sessions
  • B. Xmas scan
  • C. ICMP flood
  • D. SYN flood

Explanation

Testing an SMB server for vulnerability can include denial-of-service probing to assess whether the service remains available under volumetric network attacks.

Common mistakes.

  • A. Null sessions allow unauthenticated SMB connections that can enumerate shares and user accounts, making them a classic SMB-specific vulnerability technique, but the provided answer key does not select this option.
  • B. An Xmas scan sets the FIN, PSH, and URG TCP flags simultaneously and is used for OS fingerprinting and firewall evasion during port scanning, not for probing SMB service vulnerabilities.
  • D. A SYN flood exploits the TCP three-way handshake by sending excessive SYN packets without completing connections to exhaust server state tables, but it is not a technique targeted specifically at SMB vulnerability assessment.

Concept tested. DoS vulnerability testing against SMB servers

Reference. https://learn.microsoft.com/en-us/windows-server/storage/file-server/troubleshoot/detect-enable-and-disable-smbv1-v2-v3
